CVSS: 8.1EPSS: 0%CPEs: 3EXPL: 0CVE-2020-5367
https://notcve.org/view.php?id=CVE-2020-5367
Dell EMC Unisphere for PowerMax versions prior to 9.1.0.17, Dell EMC Unisphere for PowerMax Virtual Appliance versions prior to 9.1.0.17, and PowerMax OS Release 5978 contain an improper certificate validation vulnerability. An unauthenticated remote attacker may potentially exploit this vulnerability to carry out a man-in-the-middle attack by supplying a crafted certificate and intercepting the victim's traffic to view or modify a victim's data in transit. Dell EMC Unisphere para PowerMax versiones anteriores a 9.1.0.17, Dell EMC Unisphere para PowerMax Virtual Appliance versiones anteriores a 9.1.0.17 y PowerMax OS Release versión 5978, contienen una vulnerabilidad de comprobación de certificado inapropiada. Un atacante remoto no autenticado puede explotar potencialmente esta vulnerabilidad para llevar a cabo un ataque de tipo man-in-the-middle al suministrar un certificado diseñado e interceptar el tráfico de la víctima para visualizar o modificar los datos de una víctima en tránsito • https://www.dell.com/support/kbdoc/en-uk/000153935/dsa-2020-065-dell-emc-unisphere-for-powermax-dell-emc-unisphere-for-powermax-virtual-appliance-and-dell-emc-powermax-embedded-management-update-for-multiple-vulnerabilities • CWE-295: Improper Certificate Validation •
CVSS: 6.4EPSS: 0%CPEs: 3EXPL: 0CVE-2020-5345
https://notcve.org/view.php?id=CVE-2020-5345
Dell EMC Unisphere for PowerMax versions prior to 9.1.0.17, Dell EMC Unisphere for PowerMax Virtual Appliance versions prior to 9.1.0.17, and PowerMax OS Release 5978 contain an authorization bypass vulnerability. An authenticated malicious user may potentially execute commands to alter or stop database statistics. Dell EMC Unisphere para PowerMax versiones anteriores a 9.1.0.17, Dell EMC Unisphere para PowerMax Virtual Appliance versiones anteriores a 9.1.0.17 y PowerMax OS Release versión 5978, contienen una vulnerabilidad de omisión de autorización. Un usuario malicioso autenticado puede potencialmente ejecutar comandos para alterar o detener las estadísticas de la base de datos • https://www.dell.com/support/security/en-us/details/544585/DSA-2020-065-Dell-EMC-Unisphere-for-PowerMax-Dell-EMC-Unisphere-for-PowerMax-Virtual-Appliance • CWE-602: Client-Side Enforcement of Server-Side Security CWE-862: Missing Authorization •
CVSS: 5.4EPSS: 0%CPEs: 7EXPL: 1CVE-2020-11899 – Treck TCP/IP stack Out-of-Bounds Read Vulnerability
https://notcve.org/view.php?id=CVE-2020-11899
The Treck TCP/IP stack before 6.0.1.66 has an IPv6 Out-of-bounds Read. La pila de Treck TCP/IP versiones anteriores a 6.0.1.66, presenta una Lectura Fuera de Límites The Treck TCP/IP stack contains an IPv6 out-of-bounds read vulnerability. • http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2020-006.txt https://cwe.mitre.org/data/definitions/125.html https://jsof-tech.com/vulnerability-disclosure-policy https://security.netapp.com/advisory/ntap-20200625-0006 https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-treck-ip-stack-JyBQ5GyC https://www.dell.com/support/article/de-de/sln321836/dell-response-to-the-ripple20-vulnerabilities https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-0 • CWE-125: Out-of-bounds Read •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2020-5358
https://notcve.org/view.php?id=CVE-2020-5358
Dell Encryption versions prior to 10.7 and Dell Endpoint Security Suite versions prior to 2.7 contain a privilege escalation vulnerability due to incorrect permissions. A local malicious user with low privileges could potentially exploit this vulnerability to gain elevated privilege on the affected system with the help of a symbolic link. Dell Encryption versiones anteriores a 10.7 y Dell Endpoint Security Suite versiones anteriores a 2.7, contienen una vulnerabilidad de escalada de privilegios debido a permisos incorrectos. Un usuario malicioso local con pocos privilegios podría explotar esta vulnerabilidad para alcanzar privilegios elevados en el sistema afectado con la ayuda de un enlace simbólico • https://www.dell.com/support/article/SLN321789 • CWE-732: Incorrect Permission Assignment for Critical Resource •
CVSS: 8.6EPSS: 0%CPEs: 36EXPL: 0CVE-2020-5363
https://notcve.org/view.php?id=CVE-2020-5363
Select Dell Client Consumer and Commercial platforms include an issue that allows the BIOS Admin password to be changed through Dell's manageability interface without knowledge of the current BIOS Admin password. This could potentially allow an unauthorized actor, with physical access and/or OS administrator privileges to the device, to gain privileged access to the platform and the hard drive. Plataformas Select Dell Client Consumer and Commercial, incluyen un problema que permite cambiar la contraseña de administrador de BIOS por medio de la interfaz de administración de Dell sin conocer la contraseña de administrador de BIOS actual. Potencialmente, esto podría permitir a un actor no autorizado, con acceso físico y/o privilegios de administrador del sistema operativo al dispositivo, obtener acceso privilegiado a la plataforma y al disco duro • https://www.dell.com/support/article/SLN321604 • CWE-158: Improper Neutralization of Null Byte or NUL Character •